Commit | Line | Data |
---|---|---|
cd1a2927 MT |
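#!/bin/bash
#
# IPCop update patch installer.
# Checks that the box runs the release directly preceding UPGRADEVERSION,
# unpacks patch.tar.gz over /, restarts the services whose binaries or
# configuration changed, and repairs incomplete VPN connection records.
#
# NOTE(review): this script does not verify patch.tar.gz itself; integrity
# and authenticity are assumed to be checked by whatever unpacked the update
# before calling it -- confirm.

UPGRADEVERSION=1.4.10
# The required release is the same 1.4 series with the last component minus one.
PREVIOUSVERSION="1.4.$(( ${UPGRADEVERSION##*.} - 1 ))"
echo "This is the $UPGRADEVERSION update patch for IPCop $PREVIOUSVERSION installing."

CURRENTVERSION=$(perl -e 'require "/var/ipcop/general-functions.pl"; print $General::version;')
if [ "$CURRENTVERSION" != "$PREVIOUSVERSION" ]; then
    echo "You are not running IPCop v$PREVIOUSVERSION for this patch to install."
    echo "Aborting installation."
    # bash reports this to the caller as exit status 255.
    exit -1
fi

# Protect the backup key (fix for SF1344032): restrict access to root only.
# NOTE(review): fixbackups.sh is resolved relative to the current directory,
# so this relies on the script being started from the unpacked patch directory.
[ -e /var/ipcop/backup/backup.key ] && /bin/chmod 400 /var/ipcop/backup/backup.key && ./fixbackups.sh

# Unpack the patch before stamping the new version: if extraction fails the
# box must keep reporting the old version, otherwise it would claim to carry
# the fixes below while still running the unpatched binaries, and the version
# check above would refuse a second attempt.
if ! /bin/tar -zxpf patch.tar.gz -C /; then
    echo "Extracting patch.tar.gz failed; IPCop is still marked as v$PREVIOUSVERSION."
    echo "Aborting installation."
    exit -1
fi

# general-functions.pl might not be overwritten by the patch, so stamp the
# version in place.
/bin/sed -i -e "s+= '1.4.*$+= '$UPGRADEVERSION';+" /var/ipcop/general-functions.pl

# Update the linker cache (openssl CAN-2005-2969).
/sbin/ldconfig

# New option for VPN; append it only when it is not already present so the
# settings file never ends up with duplicate entries.
grep -q '^VPN_DELAYED_START=' /var/ipcop/vpn/settings 2>/dev/null \
    || echo "VPN_DELAYED_START=0" >> /var/ipcop/vpn/settings

# ipcopreboot replaces ipcoprebirth/ipcopdeath.
/bin/rm -f /usr/local/bin/ipcopdeath /usr/local/bin/ipcoprebirth

# Restart the new httpd (apache_1.3.34 mod_ssl-2.8.25-1.3.34 mm-1.4.0).
/bin/killall httpd
sleep 2
/usr/sbin/httpd

# Missing from the 1.4.9 update.
/usr/local/bin/setdmzholes

# Patched squid (CAN-2005-3258 and bug#1405); restart only when it is configured.
[ -e /var/ipcop/proxy/squid.conf ] && /usr/local/bin/restartsquid

# snort now uses binary logging.
/usr/local/bin/restartsnort
# Remove the old logs one leading digit at a time to avoid
# 'too many arguments' on cleanup.
for i in $(seq 1 9); do
    /bin/rm -rf /var/log/snort/"$i"*
done

# Insert missing advanced values for VPN settings.
# If the user never went to the advanced screen, they are empty.
# Without them, ipsec uses 3des-(sha|md5)-(768|1024|1536)
# as default ike and esp algorithm.
# This correction does not add 'aes128' as vpnmain does,
# so the user will see the effective algorithm selected.
# NOTE(review): the values written here only make the legacy defaults visible
# (3DES, MD5 and the 768 size among them); they are weak choices and worth
# reviewing on the advanced screen afterwards.
#
# The rewritten file is produced by redirecting into the existing config so
# its owner and mode stay as they were. The working copy is made with -p so it
# is no more readable than the original, and it is restored if the rewrite
# fails instead of leaving a truncated config behind.
if [ -f /var/ipcop/vpn/config ]; then
    cp -p /var/ipcop/vpn/config /var/ipcop/vpn/oldconfig
    if /usr/bin/perl -e '
        use strict;
        # Field index => value to use when that field is empty.
        my %default_for = (
            14 => "off",
            15 => "on",
            17 => "1",
            18 => "8",
            19 => "3des",
            20 => "sha|md5",
            21 => "1536|1024|768",
            22 => "aes128|3des",
            23 => "sha1|md5",
            25 => "off",
        );
        open(my $in, "<", "/var/ipcop/vpn/oldconfig")
            or die "cannot read /var/ipcop/vpn/oldconfig: $!\n";
        while (my $line = <$in>) {
            # Strip the newline first: left on the last field it would end up
            # in the middle of the record once defaults are appended.
            chomp $line;
            if ($line eq "") { print "\n"; next; }
            # Limit -1 keeps trailing empty fields so the field count is stable.
            my @fields = split(/,/, $line, -1);
            for my $idx (keys %default_for) {
                $fields[$idx] = $default_for{$idx}
                    if !defined $fields[$idx] || $fields[$idx] eq "";
            }
            # Fields never set join as empty strings (warnings are not enabled).
            print join(",", @fields), "\n";
        }
        close($in);
    ' > /var/ipcop/vpn/config; then
        rm -f /var/ipcop/vpn/oldconfig
    else
        echo "Updating /var/ipcop/vpn/config failed; restoring the previous file."
        cat /var/ipcop/vpn/oldconfig > /var/ipcop/vpn/config \
            && rm -f /var/ipcop/vpn/oldconfig
    fi
fi

# Build the cachelang file after all "lang/*.pl" updates.
perl -e "require '/var/ipcop/lang.pl'; &Lang::BuildCacheLang"

killall mingetty    # redisplay correct version
echo "end of $UPGRADEVERSION update"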